For our example we're going to be using OAuth 2.0, so let's configure the appropriate endpoints. Under the management API service we go to security, OAuth 2.0, and we can see there's no results here, we click add. I've already pre-populated this page here so we're just going to talk through what the results are. So we have the CyberLabs for a display name. We have a client registration URL. I've just made up this URL. The type of grant is the authorization code. The authorization endpoint is the same authorization endpoint we used in Postman. 

So if we go back to our document here, we can see that this was the code we used. The next piece of information we need is the token URL, again, this is the same as we've already used and the token endpoint is here. If we keep scrolling down we can see we need the client credentials, front-end client ID, and the secret. Which we can see here is that same secret key that we've put in the text file. And if we click create, we can see that OAuth service is added. 

The next step is to use this auth service with our API. So let's go to the APIs, Demo Conference, and we look at the settings for the Demo Conference API. If we scroll down, we can see security. So let's select OAuth and we will get a list of all the configured OAuth 2.0 servers. So we've only got one, that's fine, we'll click save. We've now connected this API to the OAuth server. 

Next step is we wanna try and view this authorization code. What we're going to do is launch an incognito browser just so that we make sure we end up with the correct user. I'm gonna go log into portal.azure, and I'm going to use a user that I've already configured in the Azure AD. Which is in the onmicrosoft and keep Jessica signed in, yes. So now we're signed in as a user in the CyberLabs domain. And we want to take the developer portal and log in here. So I'm gonna use my other user. This would probably be Jessica as well, but this is the way we've set it up for now. And if we go to the Demo Conference API, and let's go to the GetSessions, and click try it. 

We can see now we've got the subscription key, it's already picked up the primary subscription. But we have a CyberLabs authorization. So if I select authorization code, we're getting a request here from CyberLabs for the app API to get access to the backend app and read the profile. So we're gonna accept that. And what we can see here is expected, this is saying that again, the reply URL isn't valid. 

So I wanted to show you a way you can grab this information to try and understand what it's doing. If you select this header here to Notepad, we'll just do a quick replace here to help make this readable. 3a becomes a colon and the percent 2f becomes a forward slash. 

We can now see that this application is looking for a redirect to cloud portal docs authorize callback. So this is the URL now that we need to authorize again against our application. We go to Reply URLs, we've already got it loaded. Paste that in there and save. cloud portal demo docs CyberLabs console, which is the complete URL for us to get to this developer portal. So let's just give this a hard refresh. 

Let's go to the get authorization token again, and we can see that Bearer Token's come through. So if we just show that token, let's just validate what we've got there. Copy that token, we'll go to the JWT.io. And we'll paste that into our debugger, and we can see we've got the backend application, the front-end application, and we're logged in as Jessica. Oh if we try and execute our request, we're getting the response 200 back, which is great. Successfully set up the OAuth server. We have successfully connected that OAuth server to our API, collected an authorization code through the browser. 

Let's just try this through Postman, see what we get. So if we put this in, now we don't have any token here, but we've still got the data back. So what we actually need to do is apply a policy to check for valid token, which we will do in the next section.